iaik.pkcs.pkcs11.provider.keyfactories

Class PKCS11SecretKeyFactory

java.lang.Object

javax.crypto.SecretKeyFactorySpi

iaik.pkcs.pkcs11.provider.keyfactories.PKCS11SecretKeyFactory

All Implemented Interfaces:

PKCS11EngineClass

Direct Known Subclasses:

SecretKeyFactory

public abstract class PKCS11SecretKeyFactory
extends javax.crypto.SecretKeyFactorySpi
implements PKCS11EngineClass

This is a base key factory that transforms symmetric key specs into PKCS#11 key objects and vice versa.

Author:

Karl Scheibelhofer

Field Summary

Fields

Modifier and Type	Field and Description
protected PKCS11KeySpec	pkcs11KeySpec_ The specification how to generate the key.
protected boolean	pkcs11OperationInitialized_ Indicates, if the PKCS#11 signature/verify is already initialized for the next operation round.
protected iaik.pkcs.pkcs11.Session	session_ The session this object works with.
protected javax.crypto.SecretKeyFactory	softwareDelegate_ This is the software delegate object to use, if the provided key spec is not the key spec for a PKCS#11 key.
protected TokenManager	tokenManager_ Token manager used to login session, if required.

Constructor Summary

Constructors

Constructor and Description
PKCS11SecretKeyFactory() Default constructor.

Method Summary

Modifier and Type	Method and Description
protected java.security.Key	createKey(iaik.pkcs.pkcs11.objects.Object keyCreationTemplate) This method creates a Java key from the given key creation template.
protected javax.crypto.SecretKey	engineGenerateSecret(java.security.spec.KeySpec keySpec) Converts the given key specification (key material) into a SecretKey object.
protected java.security.spec.KeySpec	engineGetKeySpec(javax.crypto.SecretKey key, java.lang.Class keySpecClass) Returns a specification (key material) of the given key object.
protected javax.crypto.SecretKey	engineTranslateKey(javax.crypto.SecretKey key) Translates a key object of some unknown or untrusted provider into a secret key object of this key factory.
protected void	finalize() Tries to close the used session.
protected void	finalizePkcs11Operation() The internal session finalization method, if the current operation has been finished.
protected abstract java.lang.String	getAlgorithmName() Get the (default) algorithm name of this factory.
protected abstract java.lang.String	getSoftwareDelegateAlgorithm() Return the name of the software algorithm to use, if this object must use a softwre delegation object.
protected void	initializePkcs11Operation() The internal session initialization method, if all necessary member variables are set.
protected void	initializeSession() Sets up an appropriate session.
protected void	initializeSoftwareDelegate() Initialize the software delegate key factory and store a reference in softwareDelegate_.
protected boolean	isSessionAppropriate(iaik.pkcs.pkcs11.Session session, PKCS11KeySpec pkcs11KeySpec) Checks, if the given session is appropriate for use accodring to the given key spec.
boolean	isSupportedBy(TokenManager tokenManager) Check, if the current token of the given token manager supports the required features for this engine class.
protected abstract javax.crypto.SecretKey	pkcs11GenerateSecret(java.security.spec.KeySpec keySpec) Converts the given key specification (key material) into a SecretKey object.
protected abstract java.security.spec.KeySpec	pkcs11GetKeySpec(javax.crypto.SecretKey key, java.lang.Class keySpecClass) Returns a specification (key material) of the given key object.
protected javax.crypto.SecretKey	pkcs11TranslateKey(javax.crypto.SecretKey key) Translates a key object of some unknown or untrusted provider into a secret key object of this key factory.

Methods inherited from class java.lang.Object

clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

tokenManager_

protected TokenManager tokenManager_

Token manager used to login session, if required.

session_

protected iaik.pkcs.pkcs11.Session session_

The session this object works with.

pkcs11OperationInitialized_

protected boolean pkcs11OperationInitialized_

Indicates, if the PKCS#11 signature/verify is already initialized for the next operation round.

pkcs11KeySpec_

protected PKCS11KeySpec pkcs11KeySpec_

The specification how to generate the key.

softwareDelegate_

protected javax.crypto.SecretKeyFactory softwareDelegate_

This is the software delegate object to use, if the provided key spec is not the key spec for a PKCS#11 key. This is only set, if useSoftwareDelegation_ is set.

Constructor Detail

PKCS11SecretKeyFactory

public PKCS11SecretKeyFactory()

Default constructor.

Method Detail

isSupportedBy

public boolean isSupportedBy(TokenManager tokenManager)

Check, if the current token of the given token manager supports the required features for this engine class.

Specified by:

isSupportedBy in interface PKCS11EngineClass

Parameters:

tokenManager - The token manager. Used to get information about the current token.

Returns:

True, if this engine class can be used with the currently present token of the given token manager.

Preconditions:

(tokenManager <> null)

engineGenerateSecret

protected javax.crypto.SecretKey engineGenerateSecret(java.security.spec.KeySpec keySpec)
                                               throws java.security.spec.InvalidKeySpecException

Converts the given key specification (key material) into a SecretKey object.

Specified by:

engineGenerateSecret in class javax.crypto.SecretKeyFactorySpi

Parameters:

keySpec - the specification (key material) to be converted into SecretKey representation.

Returns:

the SecretKey object

Throws:

java.security.spec.InvalidKeySpecException - if the given key material cannot be converted into a SecretKey object by this key factory

See Also:

SecretKeyFactorySpi.engineGenerateSecret(KeySpec)

engineGetKeySpec

protected java.security.spec.KeySpec engineGetKeySpec(javax.crypto.SecretKey key,
                                                      java.lang.Class keySpecClass)
                                               throws java.security.spec.InvalidKeySpecException

Returns a specification (key material) of the given key object. keySpec identifies the specification class in which the key material should be returned. It could, for example, be SecretKeySpec.class, to indicate that the key material should be returned in an instance of the SecretKeySpec class.

Specified by:

engineGetKeySpec in class javax.crypto.SecretKeyFactorySpi

Parameters:

key - The key.

keySpecClass - The specification class in which the key material should be returned.

Returns:

The underlying key specification (key material) in an instance of the requested specification class.

Throws:

java.security.spec.InvalidKeySpecException - if the requested key specification is inappropriate for the given key, or the given key cannot be dealt with (e.g., the given key has an unrecognized format).

engineTranslateKey

protected javax.crypto.SecretKey engineTranslateKey(javax.crypto.SecretKey key)
                                             throws java.security.InvalidKeyException

Translates a key object of some unknown or untrusted provider into a secret key object of this key factory.

Specified by:

engineTranslateKey in class javax.crypto.SecretKeyFactorySpi

Parameters:

key - the key of some unknown or untrusted provider

Returns:

the translated key

Throws:

java.security.InvalidKeyException - if the given key cannot be translated by this key factory

See Also:

SecretKeyFactorySpi.engineTranslateKey(SecretKey)

getAlgorithmName

protected abstract java.lang.String getAlgorithmName()

Get the (default) algorithm name of this factory.

Returns:

The name of the key algorithm of this factory.

Postconditions:

(result <> null)

getSoftwareDelegateAlgorithm

protected abstract java.lang.String getSoftwareDelegateAlgorithm()

Return the name of the software algorithm to use, if this object must use a softwre delegation object.

Returns:

The name of the software secure random; e.g. AES.

Postconditions:

(result <> null)

pkcs11GenerateSecret

protected abstract javax.crypto.SecretKey pkcs11GenerateSecret(java.security.spec.KeySpec keySpec)
                                                        throws java.security.spec.InvalidKeySpecException

Converts the given key specification (key material) into a SecretKey object.

Parameters:

keySpec - the specification (key material) to be converted into SecretKey representation.

Returns:

the SecretKey object

Throws:

java.security.spec.InvalidKeySpecException - if the given key material cannot be converted into a SecretKey object by this key factory

See Also:

SecretKeyFactorySpi.engineGenerateSecret(KeySpec)

pkcs11GetKeySpec

protected abstract java.security.spec.KeySpec pkcs11GetKeySpec(javax.crypto.SecretKey key,
                                                               java.lang.Class keySpecClass)
                                                        throws java.security.spec.InvalidKeySpecException

Returns a specification (key material) of the given key object. keySpec identifies the specification class in which the key material should be returned. It could, for example, be DHPublicKeySpec.class, to indicate that the key material should be returned in an instance of the DHPublicKeySpec class.

Parameters:

key - The key.

keySpecClass - The specification class in which the key material should be returned.

Returns:

The underlying key specification (key material) in an instance of the requested specification class.

Throws:

java.security.spec.InvalidKeySpecException - if the requested key specification is inappropriate for the given key, or the given key cannot be dealt with (e.g., the given key has an unrecognized format).

Postconditions:

(result <> null)

Preconditions:

(key <> null) and (keySpecClass <> null)

pkcs11TranslateKey

protected javax.crypto.SecretKey pkcs11TranslateKey(javax.crypto.SecretKey key)
                                             throws java.security.InvalidKeyException

Translates a key object of some unknown or untrusted provider into a secret key object of this key factory.

Parameters:

key - the key of some unknown or untrusted provider

Returns:

the translated key

Throws:

java.security.InvalidKeyException - if the given key cannot be translated by this key factory

See Also:

SecretKeyFactorySpi.engineTranslateKey(SecretKey)

createKey

protected java.security.Key createKey(iaik.pkcs.pkcs11.objects.Object keyCreationTemplate)
                               throws java.security.spec.InvalidKeySpecException

This method creates a Java key from the given key creation template.

Parameters:

keyCreationTemplate - The template for the PKCS#11 key object.

Returns:

The new Java key that contains the created PKCS#11 key.

Throws:

java.security.spec.InvalidKeySpecException - If creating the PKCS#11 key fails.

initializeSession

protected void initializeSession()

Sets up an appropriate session. The key must be set before.

initializePkcs11Operation

protected void initializePkcs11Operation()

The internal session initialization method, if all necessary member variables are set.

finalizePkcs11Operation

protected void finalizePkcs11Operation()

The internal session finalization method, if the current operation has been finished.

initializeSoftwareDelegate

protected void initializeSoftwareDelegate()

Initialize the software delegate key factory and store a reference in softwareDelegate_.

isSessionAppropriate

protected boolean isSessionAppropriate(iaik.pkcs.pkcs11.Session session,
                                       PKCS11KeySpec pkcs11KeySpec)
                                throws iaik.pkcs.pkcs11.TokenException

Checks, if the given session is appropriate for use accodring to the given key spec.

Parameters:

session - The seesion to check.

pkcs11KeySpec - The key spec to check against.

Returns:

True, if the given session can be used as is.

Throws:

iaik.pkcs.pkcs11.TokenException - If getting the necessary information about the session fails.

finalize

protected void finalize()
                 throws java.lang.Throwable

Tries to close the used session.

Overrides:

finalize in class java.lang.Object

Throws:

java.lang.Throwable - If disposing the session or finalization fails.